COMPUTER CRIME

Computer crime can be defined as any offense that uses or somehow involves a computer or any
violation of the criminal law that involves the knowledge of computer technology for its
perpetration, investigation, or prosecution.

Computer crime can also be defined as illegal activities that make use of electronic systems as a
means to affect the security of computer systems and computer data.

Computer Crime Types

There exists a constantly expanding list of the forms computer crime can take. Fortunately, these
crime types fall into overarching groups of criminal actions. Many traditional crimes, such as fraud,
theft, organized crime rings, prostitution, stalking, and child pornography have been incorporated
into the digital world.

Traditional Crime Types

Some of the traditional crimes now taking place on computers include fraud, theft, harassment, and
child pornography. Computer fraud consists of crimes such as online auction fraud, identity theft,
financial and telecommunications fraud, credit card fraud, and various other schemes. Theft crimes,
as related to computer crime, include categories such as monetary, service and data theft, and piracy.
Harassment offenses include online harassment and cyberstalking. Child pornography crimes
include both the transmission of media that exploits children, as well as solicitation to commit
sexual crimes against minors.
Computer Fraud
Computer fraud is one of the most rapidly increasing forms of computer crime. Computer fraud is
also commonly referred to as Internet fraud. Essentially, computer/ Internet fraud is “any type of
fraud scheme that uses one or more components of the Internet-such as chat rooms, e-mail, message
boards, or Web sites to present fraudulent transactions, or to transmit the proceeds of fraud to
financial institutions or to others connected with the scheme” (Department of Justice, 2001). There
are multiple forms of Internet fraud.
One type of Internet Fraud is the Nigerian e-mail fraud. In this particular crime, the victim receives
e-mail from an alleged son of a deceased Nigerian head of state, who happens to be the heir to
millions of dollars that are hidden in accounts all over the world.

The Internet Crime Complaint Center has identified several other forms of Internet fraud crimes.
The additional forms include:
Advance Fee Fraud Schemes-in, which the victim is required to pay significant fees in advance of
receiving a substantial amount of money or merchandise. The fees are usually passed off as taxes,
or processing fees, or charges for notarized documents. The victim pays these fees and receives
nothing in return. Perhaps the most common example of this type of fraud occurs when a victim is
expecting a large payoff for helping to move millions of dollars out of a foreign country. The victim
may also believe he has won a large award in a nonexistent foreign lottery.
Business/Employment Schemes-typically incorporate identity theft, freight forwarding, and
counterfeit check schemes. The fraudster posts a help-wanted ad on popular Internet job search
sites. Respondents are required to fill out an application wherein they divulge sensitive personal
information, such as their date of birth and Social Security number. The fraudster uses that
information to purchase merchandise on credit. The merchandise is sent to another respondent who
has been hired as a freight forwarder by the fraudster. The merchandise is then reshipped out of the
country. The fraudster, who has represented himself as a foreign company, then pays the freight
forwarder with a counterfeit check containing a significant overage amount. The overage is wired
back to the fraudster, usually in a foreign country, before the fraud is discovered.

Counterfeit Check Schemes- a counterfeit or fraudulent cashier’s check or corporate check is

utilized to pay for merchandise. Often these checks are made out for a substantially larger amount
than the purchase price. The victims are instructed to deposit the check and return the overage
amount, usually by wire transfer, to a foreign country. Because banks may release funds from a
cashier’s check before the check actually clears, the victim believes the check has cleared and wires
the money as instructed. One popular variation of this scam involves the purchase of automobiles
listed for sale in various Internet classified advertisements. The sellers are contacted about
purchasing the autos and shipping them to a foreign country. The buyer, or person acting on behalf
of a buyer then sends the seller a cashier’s check for an amount several thousand dollars over the
price of the vehicle. The seller is directed to deposit the check and wire the excess back to the buyer
so they can pay the shipping charges. Once the money is sent, the buyer typically comes up with an
excuse for canceling the purchase, and attempts to have the rest of the money returned. Although
the seller does not lose the vehicle, he is typically held responsible by his bank for depositing a
counterfeit check.

Credit/Debit Card Fraud-is the unauthorized use of a credit/debit card to fraudulently obtain
money or property. Credit/debit card numbers can be stolen from unsecured web sites, or can be
obtained in an identity theft scheme. Freight forwarding/Reshipping-the receiving and subsequent
reshipping of an on- line ordered merchandise to locations usually abroad. Individuals are often
solicited to participate in this activity in chat rooms, or through Internet job postings. Unbeknownst
to the reshipper, the merchandise has been paid for with fraudulent credit cards.
Identity theft- occurs when someone appropriates another’s personal information without his or her
knowledge to commit theft or fraud. Identity theft is a vehicle for perpetrating other types of fraud
schemes. Typically, the victim is led to believe they are divulging sensitive personal information to
a legitimate business, sometimes as a response to an e-mail solicitation to update billing or
membership information, or as an application to a fraudulent Internet job posting.

Investment Fraud- an offering that uses fraudulent claims to solicit investments or loans, or that
provides for the purchase, use, or trade of forged or counterfeit securities.

Investment Fraud- an offering that uses fraudulent claims to solicit investments or loans, or that
provides for the purchase, use, or trade of forged or counterfeit securities.

Non-delivery of Goods/Services-merchandise or services that were purchased or contracted by

individuals on-line are never delivered.

Phony Escrow Services-in an effort to persuade a wary Internet auction participant, the fraudster
will propose the use of a third-party escrow service to facilitate the exchange of money and
merchandise. The victim is unaware the fraudster has spoofed a legitimate escrow service. The
victim sends payment or merchandise to the phony escrow and receives nothing in return.

Ponzi/Pyramid Schemes-investors are enticed to invest in this fraudulent scheme by the promises
of abnormally high profits. However, no investments are actually made by the so called “investment
firm”. Early investors are paid returns with the investment capital received from subsequent
investors. The system eventually collapses and investors do not receive their promised dividends
and lose their initial investment.

Spoofing/Phishing- a technique whereby a fraudster pretends to be someone else’s email or web

site. This is typically done by copying the web content of a legitimate web site to the fraudster’s
newly created fraudulent web site. Phishing refers to the scheme whereby the perpetrators use the
spoofed web sites in an attempt to dope the victim into divulging sensitive information, such as
passwords, credit card and bank account numbers. The victim, usually via email is provided with a
hyperlink that directs hi/her to a fraudster’s web site. This fraudulent web site’s name closely
resembles the true name of the legitimate business. The victim arrives at the fraudulent web site and
is convinced by the sites content that they are in fact at the company’s legitimate web site and are
tricked into divulging sensitive personal information. Spoofing and phishing are done to further
perpetrate other schemes, including identify theft and auction fraud.

Phishing
The Anti-Phishing Working Group defines Phishing as “a form of online identity theft that uses
spoofed emails designed to lure recipients to fraudulent websites which attempt to trick them into
divulging personal financial data such as credit card numbers, account usernames and passwords,
social security numbers, etc.” (Anti-Phishing Working Group, 2004). An example of a phishing
website can be seen in Figure 1. An example of a phishing website can be seen in Figure 1.

Theft Computer Crimes

Computer crimes involving theft are very diverse. The gaining of access and removal of property
through the use of electronic resources generally defines theft computer crimes. This property may
include money, service, programs, data, or computer output, and computer time (Rushinek &
Rushinek, 1993), (Haugen & Selin, 1999). In addition, altering computer input or output without
authorization, destroying or misusing proprietary information, and the unauthorized use of
computer resources (theft of computer time) can be considered theft-related computer crimes.
Internet piracy is a more prominent form of theft in a digital medium. Piracy is the act of
duplicating copyrighted material without authorization (Business Software Alliance, 2004). For the
past few years, private and law enforcement organizations have been putting a concentrated effort
on stopping this offense. Organizations such as the Recording Industry Association of America
(RIAA) and the Motion Picture Association of America (MPAA) routinely engage in both civil as
well as criminal lawsuits to curb piracy. The MPAA alone estimate their potential revenue lost
because of piracy to be over three billion dollars a year. (Motion Picture Association of America,
2004)
An example of this type of crime can be seen locally. Kishan Singh, a Lanham, Maryland resident
recently plead guilty to operating a pay-for-access website that provided pirated software with the
copy-protection elements removed or disabled.

Unauthorized Access
Unauthorized access is a prerequisite to many forms of computer crimes and computer fraud. This
form of crime amounts to electronic intrusion, or gaining access to resources via a computer
resource without permission. Unauthorized access may occur both on individuals’ personal
computers, as well as in the workplace. One major form of unauthorized access is known as
hacking. Hacking is “...the act of gaining unauthorized access to a computer system or network and
in some cases making unauthorized use of this access.” (Rushinek & Rushinek, 1993) As stated
previously, unauthorized access may be a gateway to commit other offenses.

Denial of Service
A denial of service attack is a targeted effort to disrupt a legitimate user of a service from having
access to the service. This may be accomplished through a number of methods. Offenders can limit
or prevent access to services by overloading the available resources, changing the configuration of
the service’s data, or physically destroying the available connections to the information (CERT,
2001).
Crimes of this type have been perpetrated against major online entities, such as Yahoo.com,
eBay.com, CNN.com, and Buy.com. In these crimes, offenders most often attempt to overload the
sites with electronic connections in order to disrupt service to legitimate users (CNNMoney, 2000).

Computer Invasion of Privacy

Computer invasion of privacy is another form of computer crime proscribed in state legislatures.
Virginia Code title 18.2 chapter 5, article 7.1 section 152.5 declares:

Harmful Content Crimes

The National Institute of Justice groups offenses with an intent to cause harm to others as harmful
content crimes (U.S. Department of Justice, 2001). Included in this category are child pornography
and exploitation crimes, harassment, stalking, and malicious programs and use of computer
resources.

Online Pornography
Online child pornography is defined by pedophiles using computer resources to distribute illegal
media of and to minors, as well as engaging in actions to sexually exploit children. At the national
level, the FBI’s Innocent Images National Initiative, an element of their Cyber Crimes Program,
investigates these types of crimes and coordinates with regional

Online harassment
Online harassment is unwanted contact by offenders that may negatively impact a victim’s
livelihood, well-being, and mental or emotional state. One of the most common forms online
harassment takes is that of cyberstalking.

Cyberstalking
Cyberstalking is using a computer in the perpetration of the traditional crime of stalking. The
traditional crime of stalking usually involves “harassing and threatening behavior that an individual
engages in repeatedly, such as following a person, appearing at a person’s home or place of
business, making harassing phone calls, leaving messages or objects, or vandalizing a person’s
property. Cyberstalker involves the use of a computer in the perpetration of those acts. People can
cyberstalk others by sending harassing or threatening messages through e-mail, instant messaging,
or by posting messages on websites/chat rooms. However, there are other, unconventional ways to
cyberstalk an individual.

Spam
Another form of computer crime is spam mail. Spam mail is the distribution of bulk e-mail that
offers recipients deals on products or services. The purpose of spam mail is to make customers think
they are going to receive the real product or service at a reduced price. However, before the deal can
occur, the sender of the spam asks for money, the recipients’ credit card number or other personal
information. The customer will send that information and never receive the product nor hear from
the spammer. The case of Jeremy Jaynes is a prime example of what a criminal can do with spam
mail.

Malicious Programs and Computer Resource Use

In addition to traditional crimes occurring on the electronic resources, there are crimes that exist
explicitly due to the availability of technology. These crimes, which include denial of service
attacks, malicious programs, viruses, and instances of cyberterrorism are designed to disrupt and
negatively impact entities in both the digital and real world. As explained in the FBI Law
Enforcement Bulletin, “...crimes which represent traditional offenses, perpetrated in new and,
perhaps, more effective ways,

Malicious Programs/Viruses
Viruses and malicious programs can potentially impact a massive amount of individuals and
resources. These programs are intended to cause electronic resources to function abnormally and
may impact legitimate users access to computer resources. For instance, the “Melissa” virus
released in early 1999 contaminated 1.2 million computers used by U.S. businesses, impacted
computer resources throughout the U. S. and Europe, and is estimated to have created eighty million
dollars in damages worldwide (Computer Crimes and Intellectual Property Section, 2003).
An example of a malicious program can be seen in the investigation of Claude R. Carpenter, an
Internal Revenue Service systems technician who plead guilty to inserting malicious code into IRS
three computer systems, which was designed to erase all of the

Cyberterrorism
Cyberterrorism is the adaptation of terrorism to computer resources, whose urpose is to cause fear
in its victims by attacking electronic resources.